GitLab Product Security Update Advisory

GitLab Product Security Update Advisory
  • A security update has been released to address vulnerabilities found in GitLab products.
  • The vulnerability addressed is CVE-2026-13320, a cross-site scripting (XSS) vulnerability (a vulnerability that allows malicious scripts to be injected into and executed on a web page) in GitLab CE/EE—a cross-site scripting (XSS) vulnerability (a vulnerability that allows malicious scripts to be injected into and executed on a web page)—and CVE-2026-6896, a cross-site scripting vulnerability affecting GitLab EE.
  • The Affected Versions are as follows:
    • CVE-2026-6896: GitLab EE versions 13.11 Through 18.11.7, 19.0 Through 19.0.4, And 19.1 Through 19.1.2.
    • CVE-2026-13320: GitLab CE and GitLab EE versions 15.7 Through 18.11.7, 19.0 Through 19.0.4, And 19.1 Through 19.1.2.
  • Patches have been provided via the latest updates, and instructions have been issued to update GitLab CE/EE to versions 18.11.7, 19.0.4, And 19.1.2.
  • Users of these products must update to the latest versions with Vulnerability Patches following the instructions on the reference site.